Unpermitted parameter using the Autodesk Autodesk attribute in the Rails API

I use Rails-api to create a test authentication application that uses the devise_token_auth gem. The User.rb model looks like

class User < ActiveRecord::Base
  before_save :set_auth_token

  # Include default devise modules.
  devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable,
          :confirmable, :omniauthable
  include DeviseTokenAuth::Concerns::User

  private
  def set_auth_token
    if self.authentication_token.blank?
      self.authentication_token = generate_authentication_token
    end
  end

  def generate_authentication_token
    loop do
      token = Devise.friendly_token
      break token unless User.where(authentication_token: token).first
    end
  end

end

routes.rb contains

mount_devise_token_auth_for 'User', at: 'auth'

I also use the default SessionController and RegistrationsController defined by the DeviseTokenAuth gem.

My interface is created in Ember-cli, where I created a login form that uses Ember-simple-auth-devise, the Devise authorizer, to call the /sign_in URL of the Rails API. A simple Ember algorithm wraps parameters such as

{"user"=>{"password"=>"[FILTERED]", "email"=>"test@mail.com"}}

while DeviseTokenAuth in Rails expects query parameters such as

{"password"=>"[FILTERED]", "email"=>"test@mail.com"}

An error has occurred

Processing by DeviseTokenAuth::RegistrationsController#create as JSON
   Parameters: {"user"=>{"password"=>"[FILTERED]", "email"=>"test@mail.com"}} 
 Unpermitted parameter: user

, Rails DeviseTokenAuth gem , "". OR Ember-simple-auth , , , , . Ember-simple-auth null,

  ENV['simple-auth-devise'] = {
    resourceName: null,
    serverTokenEndpoint: 'http://localhost:3000/auth/sign_in'
  };

Ember-simple-auth-devise? , "" , DeviseTokenAuth gem?

:

devise_token_auth (0.1.36)
  devise (~> 3.5.2)
  rails (~> 4.2)
"ember-simple-auth": "0.8.0"

ember-simple-auth/addon/authenticators/devise.js .


app/authenticators/devise.js, :

import Devise from 'ember-simple-auth/authenticators/devise';

export default Devise.extend({});

:

import Ember from 'ember';
import Devise from 'ember-simple-auth/authenticators/devise';

const { RSVP: { Promise }, isEmpty, getProperties, run, get } = Ember;

export default Devise.extend({
  loginEndpoint: '/auth/sign_in',
  logoutEndpoint: '/auth/sign_out',

  authenticate(identification, password) {
    return new Promise((resolve, reject) => {
      let { identificationAttributeName } = getProperties(this, 'identificationAttributeName');
      let data = { password };
      data[identificationAttributeName] = identification;

      let requestOptions = { url: get(this, 'loginEndpoint') };

      this.makeRequest(data, requestOptions).then((response) => {
        if (response.ok) {
          response.json().then((json) => {
            let data = {
              account: json,
              accessToken: response.headers.get('access-token'),
              expiry: response.headers.get('expiry'),
              tokenType: response.headers.get('token-type'),
              uid: response.headers.get('uid'),
              client: response.headers.get('client')
            };

            if (this._validate(data)) {
              run(null, resolve, data);
            } else {
              run(null, reject, 'Check that server response header includes data token and valid.');
            }
          });
        } else {
          response.json().then((json) => run(null, reject, json));
        }
      }).catch((error) => run(null, reject, error));
    });
  },

  invalidate(data) {
    return new Promise((resolve, reject) => {
      let headers = {
        'access-token': data.accessToken,
        'expiry': data.expiry,
        'token-type': data.tokenType,
        'uid': data.uid,
        'client': data.client
      };

      let requestOptions = {
        url: get(this, 'logoutEndpoint'),
        method: 'DELETE',
        headers
      };

      this.makeRequest({}, requestOptions).then((response) => {
        response.json().then((json) => {
          if (response.ok) {
            run(null, resolve, json);
          } else {
            run(null, reject, json);
          }
        });
      }).catch((error) => run(null, reject, error));
    });
  },

  _validate(data) {
    let now = (new Date()).getTime();

    return !isEmpty(data.accessToken) && !isEmpty(data.expiry) && (data.expiry * 1000 > now) &&
      !isEmpty(data.tokenType) && !isEmpty(data.uid) && !isEmpty(data.client);
  }
});
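
The authenticator above stores the five token headers in the session; the following added example (not part of the original answer, and not code from ember-simple-auth or devise_token_auth) shows how those stored values can be validated, replayed on later requests, and replaced when a response carries a new token. The helper names `sessionFromHeaders`, `authHeaders` and `refreshSession` are hypothetical, and the example assumes the server may rotate the access token on each response.

```javascript
// Added example. Maps session keys to the header names used in the answer above.
const TOKEN_HEADERS = {
  accessToken: 'access-token',
  expiry: 'expiry',
  tokenType: 'token-type',
  uid: 'uid',
  client: 'client'
};

// Read the five token headers from any object with a get(name) method
// (a fetch Headers object, or a Map in tests).
// Returns null when a header is missing/blank or the token has expired.
function sessionFromHeaders(headers, nowMs = Date.now()) {
  const session = {};
  for (const [key, name] of Object.entries(TOKEN_HEADERS)) {
    const value = (headers.get(name) || '').trim();
    if (value === '') return null;
    session[key] = value;
  }
  // As in _validate above: expiry is in seconds, the clock is in milliseconds.
  const expirySeconds = Number(session.expiry);
  if (!Number.isFinite(expirySeconds) || expirySeconds * 1000 <= nowMs) {
    return null;
  }
  return session;
}

// Headers to attach to every authenticated request.
function authHeaders(session) {
  const out = {};
  for (const [key, name] of Object.entries(TOKEN_HEADERS)) {
    out[name] = session[key];
  }
  return out;
}

// Call after each response. Adopts a new token only when the response
// carries a complete, unexpired set for the same uid and client;
// otherwise the current session is kept unchanged.
function refreshSession(current, responseHeaders, nowMs = Date.now()) {
  const next = sessionFromHeaders(responseHeaders, nowMs);
  if (next === null) return current;
  if (next.uid !== current.uid || next.client !== current.client) {
    return current;
  }
  return next;
}
```
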

Source: https://habr.com/ru/post/1612650/

